samba.git
2 years agokrb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname()
Andreas Schneider [Wed, 8 Mar 2017 09:40:08 +0000 (10:40 +0100)]
krb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2 years agotestprogs: Add kinit_trusts tests with smbclient4
Andreas Schneider [Mon, 6 Mar 2017 08:15:45 +0000 (09:15 +0100)]
testprogs: Add kinit_trusts tests with smbclient4

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agotestprogs: Use smbclient by default in test_kinit_trusts
Andreas Schneider [Mon, 6 Mar 2017 08:13:09 +0000 (09:13 +0100)]
testprogs: Use smbclient by default in test_kinit_trusts

This is the tool we use by default and we should test with it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agowaf: disable-python - don't include python.h in test_headers.c
Ian Stakenvicius [Mon, 30 Jan 2017 15:11:46 +0000 (10:11 -0500)]
waf: disable-python - don't include python.h in test_headers.c

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 10 11:24:13 CET 2017 on sn-devel-144

2 years agoautobuild: Add nopython environment to test --disable-python builds (but without...
Andrew Bartlett [Mon, 30 Jan 2017 14:36:31 +0000 (09:36 -0500)]
autobuild: Add nopython environment to test --disable-python builds (but without tests)

This ensures we keep this option building as we extend our use of python.

The rule is that new features and changes to existing features that
require python are most welcome, they just need to be disabled for the
minimalistic targets we still ecourage Samba on, that typically just
want smbd

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - don't build torture bits
Ian Stakenvicius [Sat, 28 Jan 2017 03:53:39 +0000 (22:53 -0500)]
waf: disable-python - don't build torture bits

samba-net being disabled causes a chain of dependency or proto.h-based
missing code issues that require a number of modules or subsystems
to be disabled in samba4/torture.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - don't build samba-policy
Ian Stakenvicius [Sat, 28 Jan 2017 02:32:22 +0000 (21:32 -0500)]
waf: disable-python - don't build samba-policy

samba-policy requires samba-net which requires PROVISION, which
is disabled when python isn't available.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - don't build samba-net
Ian Stakenvicius [Sat, 28 Jan 2017 02:31:21 +0000 (21:31 -0500)]
waf: disable-python - don't build samba-net

samba-net requires PROVISION, which is disabled when python isn't available.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - don't build pyrpc_util, dcerpc.py
Ian Stakenvicius [Fri, 27 Jan 2017 22:04:18 +0000 (17:04 -0500)]
waf: disable-python - don't build pyrpc_util, dcerpc.py

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - don't build PROVISION, pyparam_util
Ian Stakenvicius [Fri, 27 Jan 2017 21:49:29 +0000 (16:49 -0500)]
waf: disable-python - don't build PROVISION, pyparam_util

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - don't build python/
Ian Stakenvicius [Fri, 27 Jan 2017 21:38:36 +0000 (16:38 -0500)]
waf: disable-python - don't build python/

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - align tdb's wscript
Ian Stakenvicius [Fri, 27 Jan 2017 19:42:05 +0000 (14:42 -0500)]
waf: disable-python - align tdb's wscript

Drop the configure option for --disable-python as it is now
global in wafsamba.

If samba is set to use a system copy of tdb, and tdb wasn't built
with python support, then the system pytevent will not be found.  If
samba is being built without python support then pytdb is not needed,
so do not bother to try and find it.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - align tevent wscript
Ian Stakenvicius [Fri, 27 Jan 2017 19:37:39 +0000 (14:37 -0500)]
waf: disable-python - align tevent wscript

Drop the configure option for --disable-python as it is now
global in wafsamba.

If samba is set to use a system copy of tevent, and tevent wasn't built
with python support, then the system pytevent will not be found.  If
samba is being built without python support then pytevent is not needed,
so do not bother to try and find it.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - align ldb's wscript
Ian Stakenvicius [Fri, 27 Jan 2017 19:34:25 +0000 (14:34 -0500)]
waf: disable-python - align ldb's wscript

If samba is set to use a system copy of ldb, and ldb wasn't built with
python support, then no system pyldb-util will be found.  If samba is
being built without python support then pyldb-util isn not needed, so
do not bother to try and find it.

The system ldb check had to be duplicated due to the earlier commits
which changed order of ldb and pyldb-util checks, and by association
also added a dependency of pyldb-util onto ldb.  This seemed cleaner
than messing with variables.

The build configuration for pyldb-util needs to exist even if it's
not being built, so that dependency resolution can occur throughout
the rest of the samba build system -- this required dropping the higher
level conditional and using the enabled= parameter instead.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - align talloc's wscript
Ian Stakenvicius [Fri, 27 Jan 2017 19:27:50 +0000 (14:27 -0500)]
waf: disable-python - align talloc's wscript

Drop the configure option for --disable-python as it is now
global in wafsamba

If samba is set to use a system copy of talloc, and talloc wasn't built
with python support, then the system pytalloc-util will not be found.
If samba is being built without python support then pytalloc-util is not
needed, so do not bother to try and find it.

The build configuration for pytalloc-util needs to exist even if it's
not being built, so that dependency resolution can occur throughout
the rest of the samba build system -- this required dropping the higher
level conditional and using the enabled= parameter instead.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - configuration adjustments
Ian Stakenvicius [Fri, 27 Jan 2017 19:07:21 +0000 (14:07 -0500)]
waf: disable-python - configuration adjustments

Adjust configuration to accomodate when --disable-python is set:

- Error when AD-DC is still enabled (and others later as needed)

- Set mandatory=false on SAMBA_CHECK_PYTHON_HEADERS

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - add option globally to build system
Ian Stakenvicius [Fri, 27 Jan 2017 18:28:01 +0000 (13:28 -0500)]
waf: disable-python - add option globally to build system

This commit adds --disable-python as an option to the build system.
It adds PYTHON_BUILD_IS_ENABLED() to bld, to be used with enabled=
on other modules, and adjusts SAMBA_PYTHON() to set enabled=False
if PYTHON_BUILD_IS_ENABLED() is false.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agowaf: disable-python - fix ctdb configuration
Ian Stakenvicius [Thu, 23 Feb 2017 15:16:25 +0000 (10:16 -0500)]
waf: disable-python - fix ctdb configuration

When ctdb is built in standalone mode, it turned off the python
requirement for submodules by setting Options.options.disable_python
to True before checking for its own (non-optional) python support.

Ad ctdb does not need python for itself or any of the submodules
it is built against, the safest solution seems to be to allow
the python and python-headers checks to not find python.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: Port the samba.net module to Python 3
Petr Viktorin [Mon, 23 Jan 2017 19:34:08 +0000 (20:34 +0100)]
python: Port the samba.net module to Python 3

Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: Remove unused import PY3
Andrew Bartlett [Thu, 9 Feb 2017 03:16:10 +0000 (16:16 +1300)]
python: Remove unused import PY3

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: selftest: Add possibility to run old Python test suites with Python 3
Lumir Balhar [Tue, 17 Jan 2017 10:05:44 +0000 (11:05 +0100)]
python: selftest: Add possibility to run old Python test suites with Python 3

Add possibility to execute old Python test suites with Python 3
and enable tests with Python 3 of ported samba.gensec module.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.gensec: Port module to Python 3 compatible form
Lumir Balhar [Tue, 17 Jan 2017 12:20:38 +0000 (13:20 +0100)]
python: samba.gensec: Port module to Python 3 compatible form

Port samba.gensec and samba.tests.gensec modules to Python 3
compatible form, enable execution of tests with Python 3 and
remove unused import of samba.gensec from samba.tests module
__init__.py file.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.gensec: Fix error handling in set_credentials() function
Lumir Balhar [Mon, 30 Jan 2017 13:18:46 +0000 (14:18 +0100)]
python: samba.gensec: Fix error handling in set_credentials() function

Add `return NULL;` to error handling part of `set_credentials()`
function.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: selftests: Enable samba.getopt tests execution with Python 3
Lumir Balhar [Wed, 18 Jan 2017 09:44:08 +0000 (10:44 +0100)]
python: selftests: Enable samba.getopt tests execution with Python 3

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.getopt: Port module to Python 3 compatible form
Lumir Balhar [Tue, 17 Jan 2017 10:03:17 +0000 (11:03 +0100)]
python: samba.getopt: Port module to Python 3 compatible form

Port samba.getopt module to Python 3 compatible form.

Remove unused and untested `get_hostconfig()` function. Andrew Bartlett
suggested this removal because it is the simpliest way how to break
a long dependency line of Python modules which have to be ported
at once.
More info: https://lists.samba.org/archive/samba-technical/2017-January/118150.html

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.tests.core: Port and enable core tests in Python 3
Lumir Balhar [Mon, 2 Jan 2017 13:10:29 +0000 (14:10 +0100)]
python: samba.tests.core: Port and enable core tests in Python 3

Port samba core tests to Python 3 compatible form and enable their
execution with Python 3.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.tests: Move import of ported modules out of PY3 condition
Lumir Balhar [Mon, 2 Jan 2017 07:52:29 +0000 (08:52 +0100)]
python: samba.tests: Move import of ported modules out of PY3 condition

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba._ldb: Port of samba._ldb to Python 3 compatible form
Lumir Balhar [Mon, 2 Jan 2017 07:51:19 +0000 (08:51 +0100)]
python: samba._ldb: Port of samba._ldb to Python 3 compatible form

Port of samba._ldb Python module to Python 3 compatible form.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.tests.auth: Add tests for samba.auth module
Lumir Balhar [Mon, 2 Jan 2017 13:39:17 +0000 (14:39 +0100)]
python: samba.tests.auth: Add tests for samba.auth module

Add some tests which test that `system_session` object has
correct attributes and methods.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.auth: Port samba.auth to Python 3 compatible form
Lumir Balhar [Tue, 20 Dec 2016 09:57:13 +0000 (10:57 +0100)]
python: samba.auth: Port samba.auth to Python 3 compatible form

Port samba.auth Python module to Python 3 compatible form and
enable tests execution with Python 3.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: wscript_build: Build some DCE/RPC modules with Python 3
Lumir Balhar [Tue, 20 Dec 2016 09:54:24 +0000 (10:54 +0100)]
python: wscript_build: Build some DCE/RPC modules with Python 3

Samba.auth Python module depends on a lot of DCE/RPC modules which
have to be built with Python 3 to make port of samba.auth to
Python 3 possible.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.dcerpc: Port security module to Python 3 comp. form
Lumir Balhar [Tue, 20 Dec 2016 09:53:23 +0000 (10:53 +0100)]
python: samba.dcerpc: Port security module to Python 3 comp. form

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agodcerpc/misc tests: asset GUID ordering in python 2 and 3
Douglas Bagnall [Fri, 10 Mar 2017 02:48:38 +0000 (15:48 +1300)]
dcerpc/misc tests: asset GUID ordering in python 2 and 3

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython: samba.tests.dcerpc.misc: Port and enable tests
Lumir Balhar [Wed, 18 Jan 2017 10:38:55 +0000 (11:38 +0100)]
python: samba.tests.dcerpc.misc: Port and enable tests

Port tests of samba.dcerpc.misc module to Python 3 compatible form
and enable their execution with Python 3.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.dcerpc: Port RPC related stuff to Python 3
Lumir Balhar [Wed, 15 Feb 2017 08:19:33 +0000 (09:19 +0100)]
python: samba.dcerpc: Port RPC related stuff to Python 3

Port RPC related stuff like samba.dcerpc.misc and samba.dcerpc
Python modules and pyrpc_util to Python 3 compatible form.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython: pidl: Port Python interface generator
Lumir Balhar [Mon, 23 Jan 2017 20:03:17 +0000 (21:03 +0100)]
python: pidl: Port Python interface generator

Port PIDL generator of Python interfaces to generate interfaces in
Python 3 compatible form.

Python 2.7 is now required, so we can use PyCapsule in both versions.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython: samba.tests: Enable Python 3 tests for ported modules
Lumir Balhar [Sat, 10 Dec 2016 14:11:14 +0000 (15:11 +0100)]
python: samba.tests: Enable Python 3 tests for ported modules

Enable tests with Python 3 for Python 3 compatible modules.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agobuildtools: Work around a . being in the target name when building python3 helpers
Andrew Bartlett [Thu, 9 Feb 2017 02:07:39 +0000 (15:07 +1300)]
buildtools: Work around a . being in the target name when building python3 helpers

The pyparam_util module becomes pyparam_util.cpython_35m_x86_64_linux_gnu but
the command line parser for -D stops at the first .

That we even set -DSTATIC_subsystem_MODULES_PROTO for these subsystems without
any modules ever declared is left for another time

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: wscript_build: Build some modules for Python 3
Lumir Balhar [Sat, 10 Dec 2016 14:01:17 +0000 (15:01 +0100)]
python: wscript_build: Build some modules for Python 3

Update a few wscript_build files to build Python 3-compatible modules
for Python 3.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: Make top-level samba modules Python 3 compatible
Lumir Balhar [Tue, 13 Dec 2016 10:26:53 +0000 (11:26 +0100)]
python: Make top-level samba modules Python 3 compatible

New file compat.py will help with porting to Python 3. For now, it
contains only PY3 variable based on six.PY3 which simplifies
condition mentioned below.

The added `if not PY3` conditions enable us to bootstrap running
tests with Python 3 even if most modules are not ported yet.
The plan is to move modules outside this condition as they are ported.
The `PY3` condition is currently used only in tests and for
the samba._ldb module which is not ported yet and has a lot of
dependencies.

The other changes are related to differences between Python 2 and 3.
Python 2.6 introduced the `0o` prefix for octal literals as an
alternative to plain `0`. In Python 3, support for plain `0` is
dropped and octal literals have to start with `0o` prefix.
Python 2.6 introduced a clearer `except` syntax:
`except ExceptionType as target:` instead of
`except ExceptionType, target:`. In Python 3, the old syntax
is no longer allowed.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.tests.dcerpc: Move Class RawDCERPCTest to separated file.
Lumir Balhar [Thu, 8 Sep 2016 07:05:22 +0000 (09:05 +0200)]
python: samba.tests.dcerpc: Move Class RawDCERPCTest to separated file.

The class is quite big, used in only one place, and it complicates
situation around bootstrapping of Python 3 port.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.tests.glue: Add new tests for samba._glue.
Lumir Balhar [Tue, 13 Dec 2016 10:20:42 +0000 (11:20 +0100)]
python: samba.tests.glue: Add new tests for samba._glue.

Add new file with tests of samba._glue module.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba._glue: Port samba._glue module to Python 3.
Lumir Balhar [Mon, 5 Dec 2016 11:14:28 +0000 (12:14 +0100)]
python: samba._glue: Port samba._glue module to Python 3.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.tests.param: Add missing tests
Lumir Balhar [Sat, 10 Dec 2016 13:11:04 +0000 (14:11 +0100)]
python: samba.tests.param: Add missing tests

Add some new tests of samba.param Python bindings.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.param: Port param module to Python 3
Lumir Balhar [Sat, 10 Dec 2016 12:55:43 +0000 (13:55 +0100)]
python: samba.param: Port param module to Python 3

Port Python bindings of samba.param module to
Python3-compatible form.

Because native Python file objects are officially
no longer backed by FILE*, API of some _dump()
functions is changed. File argument is now
optional and contains only name of file. Stdout
is default if no file name is specified. Otherwise
opening and closing files is done on C layer
instead of Python.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.tests.credentials: Python 3 compatible tests
Lumir Balhar [Wed, 18 Jan 2017 10:28:08 +0000 (11:28 +0100)]
python: samba.tests.credentials: Python 3 compatible tests

Port test of pycredentials to Python 3 compatible form.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopython: samba.credentials: Port pycredentials.c to Python3-compatible form.
Lumir Balhar [Mon, 17 Oct 2016 14:07:31 +0000 (16:07 +0200)]
python: samba.credentials: Port pycredentials.c to Python3-compatible form.

Port Python bindings of samba.credentials module to
Python3-compatible form using macros from py3compat.h.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agolib/ldb: Enable use of a python3 pyldb-util system library
Andrew Bartlett [Mon, 6 Mar 2017 09:23:35 +0000 (22:23 +1300)]
lib/ldb: Enable use of a python3 pyldb-util system library

To do this, we have to install a .pc file for the python3 pyldb-util

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Incorportaing fixes by Petr Viktorin <pviktori@redhat.com>

Signed-off-by: Petr Viktorin <pviktori@redhat.com>
2 years agotalloc: use the system pytalloc-util for python3 as well
Andrew Bartlett [Mon, 6 Mar 2017 06:25:13 +0000 (19:25 +1300)]
talloc: use the system pytalloc-util for python3 as well

This involves installing a .pc file for the python3 library as well

To get the .pc file generated and installed is quite a mission, we
have to rework the talloc build system to ensure that the second 'env'
created for EXTRA_PYTHON has everything set up on it, the
TALLOC_VERSION in particular.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Incorportaing fixes by Petr Viktorin <pviktori@redhat.com>

Signed-off-by: Petr Viktorin <pviktori@redhat.com>
2 years agoscripts/traffic_summary: documentation typo
Douglas Bagnall [Wed, 1 Mar 2017 04:33:09 +0000 (17:33 +1300)]
scripts/traffic_summary: documentation typo

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years ago./examples/scripts/SambaConfig.py: fix typo in "continue"
Douglas Bagnall [Thu, 9 Mar 2017 02:13:32 +0000 (15:13 +1300)]
./examples/scripts/SambaConfig.py: fix typo in "continue"

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython/examples/winreg: two variable name typos on a single line
Douglas Bagnall [Thu, 9 Mar 2017 02:11:08 +0000 (15:11 +1300)]
python/examples/winreg: two variable name typos on a single line

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython sites/subnets: correctly spell variable name
Douglas Bagnall [Thu, 9 Mar 2017 01:55:32 +0000 (14:55 +1300)]
python sites/subnets: correctly spell variable name

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython provision: FDSBackend takes forced uri
Douglas Bagnall [Thu, 9 Mar 2017 01:54:58 +0000 (14:54 +1300)]
python provision: FDSBackend takes forced uri

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython/remove_dc: avoid using non-existent variable
Douglas Bagnall [Thu, 9 Mar 2017 01:53:46 +0000 (14:53 +1300)]
python/remove_dc: avoid using non-existent variable

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool domain: correctly spell variable name
Douglas Bagnall [Thu, 9 Mar 2017 01:51:27 +0000 (14:51 +1300)]
samba-tool domain: correctly spell variable name

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython/join: correct spelling of "ctx.del_noerror"
Douglas Bagnall [Thu, 9 Mar 2017 01:50:14 +0000 (14:50 +1300)]
python/join: correct spelling of "ctx.del_noerror"

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: remove unused broken client.py
Douglas Bagnall [Thu, 9 Mar 2017 01:47:50 +0000 (14:47 +1300)]
selftest: remove unused broken client.py

Nothing uses this, and pyflakes points out it is unusable:

./selftest/client.py:60: undefined name 'prefix_abs'
./selftest/client.py:69: undefined name 'opts'
./selftest/client.py:70: undefined name 'interfaces'

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogitignore: add some hidden files
Douglas Bagnall [Wed, 8 Mar 2017 04:04:55 +0000 (17:04 +1300)]
gitignore: add some hidden files

.gdb_history is generated by gdb,
.emacs* are generated by emacs, and
.clang* by clang.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoperftests/ad_dc_search: do less work in expensive member searches
Douglas Bagnall [Thu, 9 Mar 2017 22:14:48 +0000 (11:14 +1300)]
perftests/ad_dc_search: do less work in expensive member searches

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopyldb: p3k readiness: allow single unicode string in msg element
Douglas Bagnall [Tue, 10 Jan 2017 23:18:15 +0000 (12:18 +1300)]
pyldb: p3k readiness: allow single unicode string in msg element

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotalloc: fix doxygen of talloc_move
Uri Simchoni [Thu, 9 Mar 2017 12:40:54 +0000 (14:40 +0200)]
talloc: fix doxygen of talloc_move

talloc_move cannot fail.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 10 07:30:40 CET 2017 on sn-devel-144

2 years agoauth_ntdomain3: Correctly handle !authoritative
Volker Lendecke [Sun, 12 Feb 2017 18:20:07 +0000 (19:20 +0100)]
auth_ntdomain3: Correctly handle !authoritative

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth_winbind4: Correctly handle !authoritative
Volker Lendecke [Sat, 25 Feb 2017 09:55:28 +0000 (09:55 +0000)]
auth_winbind4: Correctly handle !authoritative

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth_winbind3: Correctly handle !authoritative
Volker Lendecke [Sat, 11 Feb 2017 09:25:44 +0000 (10:25 +0100)]
auth_winbind3: Correctly handle !authoritative

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos3/smbd: add my copyright to open.c
Ralph Boehme [Tue, 7 Mar 2017 18:24:45 +0000 (19:24 +0100)]
s3/smbd: add my copyright to open.c

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4/torture: some tests for kernel oplocks
Ralph Boehme [Wed, 1 Mar 2017 17:13:35 +0000 (18:13 +0100)]
s4/torture: some tests for kernel oplocks

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/selftest: adopt config.h check from source4
Ralph Boehme [Wed, 8 Mar 2017 06:18:36 +0000 (07:18 +0100)]
s3/selftest: adopt config.h check from source4

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: fix deferred open with streams and kernel oplocks
Ralph Boehme [Tue, 7 Mar 2017 15:27:39 +0000 (16:27 +0100)]
s3/smbd: fix deferred open with streams and kernel oplocks

I noticed smbd can get stuck in an open() call with kernel oplocks
enabled and named streams (provided by vfs_streams_xattr):

- client opens a file and with an exclusive oplock

- client starts writing to the file

- client opens an existing stream of the file

- the smbd process gets stuck in an open()

What happens is:

we had setup a locking.tdb record watch in defer_open(), the watch was
triggered, we reattempted the open and got stuck in a blocking open
because the oplock holder (ourselves) hadn't given up the oplock yet.

Cf e576bf5310bc9de9686a71539e9a1b60b4fba5cc for the commit that added
the kernel oplock retry logic. tldr: with kernel oplocks the first open
is non-blocking, but the second one is blocking.

Detailed analysis follows.

When opening a named stream of a file, Samba internally opens the
underlying "base" file first. This internal open of the basefile suceeds
and does *not* trigger an oplock break (because it is an internal open
that doesn't call open() at all) but it is added as an entry to the
locking.tdb record of the file.

Next, the stream open ends up in streams_xattr where a non-blocking
open() on the base file is called. This open fails with EWOULDBLOCK
because we have another fd with a kernel oplock on the file.

So we call defer_open() which sets up a watch on the locking.tdb record.

In the subsequent error unwinding code in open_file_ntcreate() and
callers we close the internal open file handle of the basefile which
also removes the entry from the locking.tdb record and so *changes the
record*.

This fires the record watch and in the callback defer_open_done() we
don't check whether the condition (oplock gone) we're interested in is
actually met. The callback blindly reschedules the open request with
schedule_deferred_open_message_smb().

schedule_deferred_open_message_smb() schedules an immediate tevent event
which has precedence over the IPC fd events in messaging, so the open is
always (!) reattempted before processing the oplock break message.

As explained above, this second open will be a blocking one so we get
stuck in a blocking open.

It doesn't help to make all opens non-blocking, that would just result
in a busy loop failing the open, as we never process the oplock break
message (remember, schedule_deferred_open_message_smb() used immediate
tevent events).

To fix this we must add some logic to the record watch callback to check
whether the record watch was done for a kernel oplock file and if yes,
check if the oplock state changed. If not, simply reschedule the
deferred open and keep waiting.

This logic is only needed for kernel oplocks, not for Samba-level
oplocks, because there's no risk of deadlocking, the worst that can
happen is a rescheduled open that fails again in the oplock checks and
gets deferred again.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: all callers of defer_open() pass a lck
Ralph Boehme [Tue, 7 Mar 2017 14:48:05 +0000 (15:48 +0100)]
s3/smbd: all callers of defer_open() pass a lck

No change in behaviour. Update the function comment explaining how it
works and relies on lck for a record watch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: remove async_open arg from defer_open()
Ralph Boehme [Tue, 7 Mar 2017 18:11:20 +0000 (19:11 +0100)]
s3/smbd: remove async_open arg from defer_open()

All remaining callers pass false.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: fix schedule_async_open() timer
Ralph Boehme [Tue, 7 Mar 2017 14:33:55 +0000 (15:33 +0100)]
s3/smbd: fix schedule_async_open() timer

schedule_async_open() was calling defer_open with sharemode lock = NULL,
as a result there was never an active 20 s timeout.

This has been broken since the commits in

$ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026

Just roll our own deferred record instead of calling defer_open() and
also set up timer that, as a last resort, catches stuck opens and just
exits for now.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: add and use retry_open() instead of defer_open() in two places
Ralph Boehme [Tue, 7 Mar 2017 14:03:12 +0000 (15:03 +0100)]
s3/smbd: add and use retry_open() instead of defer_open() in two places

Add a new function that does an immediate open rescheduling.

The first deferred open this commit changes was never scheduled, as the
scheduling relies on a timeout of the watch on the sharemode lock.

This has been broken since the commits in

$ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026

That patchset added the dbwrap watch record logic to defer_open() and
removed the timers.

I'm doing this mainly to untangle the defer_open() logic which is
complicated by the lck arg.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: simplify defer_open()
Ralph Boehme [Tue, 7 Mar 2017 13:37:54 +0000 (14:37 +0100)]
s3/smbd: simplify defer_open()

Add a helper function deferred_open_record_create() that creates a
deferred_open_record and let all callers pass all needed arguments
individually.

While we're at it, enhance the debug message in defer_open() to print
all variables.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: req is already validated at the beginning of open_file_ntcreate()
Ralph Boehme [Tue, 7 Mar 2017 13:10:39 +0000 (14:10 +0100)]
s3/smbd: req is already validated at the beginning of open_file_ntcreate()

req can't be NULL because the if condition surrounding this code checks
!(oplock_request & INTERNAL_OPEN_ONLY).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: add comments and some reformatting to open_file_ntcreate()
Ralph Boehme [Mon, 6 Mar 2017 10:43:08 +0000 (11:43 +0100)]
s3/smbd: add comments and some reformatting to open_file_ntcreate()

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: add const to get_lease_type() args
Ralph Boehme [Sat, 4 Mar 2017 12:55:55 +0000 (13:55 +0100)]
s3/smbd: add const to get_lease_type() args

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/wscript: fix Linux kernel oplock detection
Ralph Boehme [Mon, 6 Mar 2017 11:09:53 +0000 (12:09 +0100)]
s3/wscript: fix Linux kernel oplock detection

Fix a copy/paste error, the Linux kernel oplocks check was copied from
the change notify support check.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbindd: Remove an unused #define
Volker Lendecke [Wed, 8 Mar 2017 09:26:38 +0000 (10:26 +0100)]
winbindd: Remove an unused #define

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Fri Mar 10 00:00:15 CET 2017 on sn-devel-144

2 years agowinbind: Use talloc_strdup_upper where appropriate
Volker Lendecke [Wed, 8 Mar 2017 09:17:16 +0000 (10:17 +0100)]
winbind: Use talloc_strdup_upper where appropriate

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoldap_server: Fix a typo
Volker Lendecke [Tue, 7 Mar 2017 14:29:18 +0000 (15:29 +0100)]
ldap_server: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agowinbind: Fix a typo
Volker Lendecke [Mon, 6 Mar 2017 20:33:28 +0000 (20:33 +0000)]
winbind: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoldb: add LDB_FLG_DONT_CREATE_DB
Stefan Metzmacher [Fri, 24 Feb 2017 14:34:33 +0000 (15:34 +0100)]
ldb: add LDB_FLG_DONT_CREATE_DB

This avoids creating an new tdb files on ldbsearch
or other callers which use LDB_FLG_DONT_CREATE_DB.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar  9 16:02:21 CET 2017 on sn-devel-144

2 years agoauth3: Simplify auth_check_ntlm_password logic with a "goto fail"
Volker Lendecke [Sat, 11 Feb 2017 10:38:56 +0000 (11:38 +0100)]
auth3: Simplify auth_check_ntlm_password logic with a "goto fail"

No intended code change, just reformatting and a goto fail with
inverted logic

Best viewed with "git show -b"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar  9 02:01:35 CET 2017 on sn-devel-144

2 years agoauth3: Simplify auth_check_ntlm_password logic with a "goto fail"
Volker Lendecke [Sat, 11 Feb 2017 10:38:56 +0000 (11:38 +0100)]
auth3: Simplify auth_check_ntlm_password logic with a "goto fail"

No intended code change, just reformatting and a goto fail with
inverted logic

Best viewed with "git show -b" :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoauth3: Simplify auth_check_ntlm_password server_info handling
Volker Lendecke [Sat, 11 Feb 2017 10:34:58 +0000 (11:34 +0100)]
auth3: Simplify auth_check_ntlm_password server_info handling

Instead of directly assigning (*pserver_info), work on a local copy
first and assign it once when successful

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoauth3: Simplify auth_check_ntlm_password talloc handling
Volker Lendecke [Sat, 11 Feb 2017 10:26:09 +0000 (11:26 +0100)]
auth3: Simplify auth_check_ntlm_password talloc handling

Use talloc_stackframe and talloc_tos. Don't bother to talloc_free
within the loop, we don't have many iterations.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoauth3: Use talloc_move instead of _steal
Volker Lendecke [Sun, 19 Feb 2017 13:23:58 +0000 (14:23 +0100)]
auth3: Use talloc_move instead of _steal

That's the more "modern" way to steal

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoauth3: Centralize auth_check_ntlm_password failure handling
Volker Lendecke [Sat, 11 Feb 2017 10:24:22 +0000 (11:24 +0100)]
auth3: Centralize auth_check_ntlm_password failure handling

Preparation for simplified talloc handling. Slight behaviour change:
We now ZERO_STRUCTP(pserver_info) in all failure cases.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper
Alexander Bokovoy [Wed, 8 Mar 2017 10:38:49 +0000 (12:38 +0200)]
s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper

MIT krb5 1.9 version of gss_krb5_import_cred() may fail when importing
credentials from a keytab without specifying actual principal.
This was fixed in MIT krb5 1.9.2 (see commit
71c3be093db577aa52f6b9a9a3a9f442ca0d8f20 in MIT krb5-1.9 branch, git
master's version is bd18687a705a8a6cdcb7c140764d1a7c6a3381b5).

Move fallback code to the smb_gss_krb5_import_cred wrapper. We only
expect this fallback to happen with krb5 GSSAPI mechanism, thus hard
code use of krb5 mech when calling to gss_acquire_cred.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Mar  8 22:00:24 CET 2017 on sn-devel-144

2 years agos3-gse: convert to use smb_gss_krb5_import_cred
Alexander Bokovoy [Fri, 3 Mar 2017 14:58:14 +0000 (16:58 +0200)]
s3-gse: convert to use smb_gss_krb5_import_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolibads: convert to use smb_gss_krb5_import_cred
Alexander Bokovoy [Fri, 3 Mar 2017 14:57:50 +0000 (16:57 +0200)]
libads: convert to use smb_gss_krb5_import_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agocredentials_krb5: convert to use smb_gss_krb5_import_cred
Alexander Bokovoy [Fri, 3 Mar 2017 14:57:13 +0000 (16:57 +0200)]
credentials_krb5: convert to use smb_gss_krb5_import_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolib/krb5_wrap: add smb_gss_krb5_import_cred wrapper
Alexander Bokovoy [Fri, 3 Mar 2017 14:14:57 +0000 (16:14 +0200)]
lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper

Wrap gss_krb5_import_cred() to allow re-implementing it with
gss_acquire_cred_from() for newer MIT versions. gss_acquire_cred_from()
works fine with GSSAPI interposer (GSS-proxy) while
gss_krb5_import_cred() is not interposed yet.

The wrapper has additional parameter, krb5_context handle, to facilitate
with credentials cache name discovery. All our callers to
gss_krb5_import_cred() already have krb5 context handy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agogssapi: check for gss_acquire_cred_from
Alexander Bokovoy [Fri, 3 Mar 2017 15:08:09 +0000 (17:08 +0200)]
gssapi: check for gss_acquire_cred_from

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3-libads: Do not leak the msg on error
Andreas Schneider [Wed, 5 Oct 2016 08:33:26 +0000 (10:33 +0200)]
s3-libads: Do not leak the msg on error

ldap_search_ext_s manpage states:
Note that res parameter of ldap_search_ext_s should be freed with
ldap_msgfree() regardless of return value of these functions.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph B√∂hme <slow@samba.org>
Autobuild-Date(master): Wed Mar  8 14:59:35 CET 2017 on sn-devel-144

2 years agoidmap_autorid: allocate new domain range if the callers knows the sid is valid
Stefan Metzmacher [Mon, 6 Mar 2017 11:53:09 +0000 (11:53 +0000)]
idmap_autorid: allocate new domain range if the callers knows the sid is valid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12613

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar  8 04:06:59 CET 2017 on sn-devel-144

2 years agomanpages/vfs_fruit: document global options
Ralph Boehme [Tue, 7 Mar 2017 17:10:56 +0000 (18:10 +0100)]
manpages/vfs_fruit: document global options

Some options MUST be set in the global section, better document that.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbind: Add a debug message for out-of-range IDs
Volker Lendecke [Tue, 7 Mar 2017 13:06:52 +0000 (14:06 +0100)]
winbind: Add a debug message for out-of-range IDs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbind: Remove unused wcache_tdc_fetch_domainbysid
Volker Lendecke [Tue, 21 Feb 2017 17:41:59 +0000 (18:41 +0100)]
winbind: Remove unused wcache_tdc_fetch_domainbysid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>